The Ministry of Defence (MINDEF) will establish the Defence Cyber Organisation (DCO) to strengthen and build on our existing efforts in cyber defence, in line with national initiatives to engender a secure and resilient infocomm environment. It will oversee policies, capability development and implementation to monitor and defend MINDEF and the Singapore Armed Forces (SAF)'s networks 24/7 from cyber threats. This is necessary with the significant growth in the risk of cyber threats against countries, in particular, the increase in threats towards the military and the networks of defence industry and military-related organisations.

With the growth in the risk of cyber threats, there is also an increased operational requirement for cyber defenders to manage and protect the operational networks of the SAF. To meet this increased requirement, the SAF has created a new cyber defence vocation for national servicemen, which will allow the SAF to better tap on the pool of cyber talent available within Singapore to defend the SAF's networks and systems. The SAF's cyber defenders can also be deployed to support the Cyber Security Agency (CSA) of Singapore to defend critical information infrastructure that support Singapore's power grid, transportation and telecommunications network.

The Defence Cyber Organisation

In light of the increased risk of cyber threats, there is a need to establish an organisation at the MINDEF-level to secure the entire Defence Cluster, including our defence industry partners and MINDEF-Related Organisations, against cyberattacks. The DCO will be established to lead and coordinate cyber security across the Defence Cluster, including the SAF's military networks, MINDEF/SAF's corporate IT systems, Defence Science and Technology Agency, DSO National Laboratories, MINDEF-Related Organisations and defence industry partners.

Fig. 1: Networks coordinated by DCO

The key roles of the DCO are to (i) be the lead agency for cyber security operations within the Defence Cluster; (ii) develop cyber defence strategies and policies; (iii) orchestrate capability development for cyber defence; and (iv) when required, lean forward to support the CSA in ensuring Singapore's cyber security.

The DCO will comprise four formations across MINDEF/SAF - the Cyber Security Division, the Policy and Plans Directorate, the Cyber Security Inspectorate, and the Cyber Defence Group (CDG). The Cyber Security Division will act as the operational arm of the DCO by providing daily oversight of the cyber security of the different agencies in the Defence Cluster and responding to any attacks that may occur. The Policy and Plans Directorate will architect the overall cyber defence capability development plan for the Defence Cluster. The Cyber Security Inspectorate will help strengthen the Defence Cluster's cyber defences through the conduct of vulnerability assessment exercises as well as ensuring that each Sector adheres to established cyber defence policies.

The Cyber Defence Group

The CDG will be responsible for the 24/7 cyber defence of the SAF's military networks. The establishment of the CDG will further enhance the SAF's robust and resilient military networks and systems against cyber threats. It is crucial to enhance cyber defence efforts as the potential for cyberattacks to inflict damage to our military capabilities has grown with the SAF's transformation to an increasingly networked and technology-centric force.

The CDG comprises two operational units - a Security Monitoring Unit, and an Incident Response and Audit Unit - and the Cyber Defence Test and Evaluation Centre (CyTEC). The two operational units will (i) conduct 24/7 security monitoring of the SAF's military networks and coordinate cyber defence responses; (ii) respond to cyber defence incidents on the SAF's military networks, whereby response teams will be forward deployed to identify, contain and neutralise cyber threats; and (iii) audit the security of the SAF's military networks and systems. The CyTEC, fully operational since 2015, provides facilities for network security testing, cyber defence tools evaluation, and conduct of cyber defence training and exercises. Such activities would enhance the security and resiliency of the SAF military networks and facilitated the build-up of cyber defence competency.

Structure

The DCO will be led by a Deputy Secretary from MINDEF.

Fig. 2: Structure of DCO.

Deploying National Servicemen for Cyber Defence

Cyber defenders will be selected and deployed according to operational requirements. As a pilot project, some national service cyber defenders may also be deployed to contribute to national cyber security, working with counterparts in the CSA.

Cyber defenders can be expected to perform the following roles:

• Security Operations Centre monitoring: Cyber defenders will be deployed to monitor critical networks and systems round the clock to detect any anomalies and flag out potential attacks.

• Incident Response: Should an incident occur, these cyber defenders will be able to respond rapidly to contain the incident and minimise its impact on normal operations of the SAF's networks.

• Forensic Investigation: In the aftermath of any incident, these cyber defenders will have been trained to analyse the data and help to discover patterns of activities that could allow us to better defend our networks against similar future attacks.

Skills Required - Full-time National Servicemen (NSFs) and Operationally Ready National Servicemen (NSmen) who possess relevant cyber skills, experience and academic background will be identified and selected for the cyber defence vocation. This could include those who have demonstrated their abilities at cyber competitions, as well as those are currently working in the cybersecurity industry.

To strengthen the SAF's training for cyber defence, the Headquarters Signals and Command Systems, which includes the SAF training institute for cyber defence, will sign a cyber defence training Memorandum of Understanding (MOU) with Singapore Technologies Electronics (Info-Security) and Nanyang Polytechnic in March 2017. The MOU will foster a tripartite partnership for cyber defence training in the following six areas: (i) provision of specialised courses, which are internationally accredited, and in line with industry benchmarks; (ii) co-development of customised cyber defence curriculum; (iii) industrial attachments; (iv) collaborative research and development; (v) development of a professional network; and (vi) facilitate information sharing.

Implementation Timeline - Selected soldiers will be deployed in the new cyber defence vocation from August 2017 onwards.

Existing Efforts in Cyber Defence

MINDEF/SAF is responsible for the protection of Singapore's military networks under the Whole-of-Government approach to cyber security. Our new structures build on past efforts to enhance our cyber defence, such as the Cyber Defence Operations Hub in 2013. In April 2016, Minister for Defence Dr Ng Eng Hen also announced that the SAF will double the number of cyber defence personnel, and invest in emerging technologies through the Cyber Security Operations Centre 2.0 initiative.